CISA adds 75 known exploited vulnerabilities to list, including new Cisco flaw
The US Cybersecurity and Infrastructure Security Agency (CISA) last week added 75 vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, the list of flaws that US federal agencies must fix by a specific date, signalling elevated risk for any organization that leaves them unpatched.
CISA added 34 bugs to the catalog on Wednesday, in addition to 20 on Tuesday and another 21 on Monday.
As with previous additions, many of the bugs are several years old; several Microsoft, Adobe, Oracle, IBM, Apple, and Linux flaws date back more than eight years. Their inclusion in the catalog means attackers are still exploiting these older bugs on systems that were never patched.
Most of the bugs carry a remediation due date in the second full week of June, reflecting the elevated risk to organizations that keep running the outdated software.
According to CISA, vulnerabilities are added to the KEV catalog on the basis of evidence of active exploitation, since such flaws are a common attack vector for malicious actors. Binding Operational Directive 22-01 requires federal civilian agencies to remediate catalog entries by their due dates to protect agency networks from compromise, but CISA urges all organizations to reduce their exposure by applying the patches as soon as possible.
The oldest recently added vulnerabilities are 2010 bugs in Red Hat JBoss and Oracle Java Runtime Environment.
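How a defender might consume a batch of KEV additions like this one, as an added example (not code from the article or from CISA): the script below parses a document in the shape of CISA's KEV JSON feed, selects the entries added in a given date window, buckets them by remediation due date, and flags CVEs old enough to match the "more than eight years" pattern described above, plus anything in the catalog that is already past due. The embedded sample is constructed: apart from CVE-2022-20821, the CVE IDs, vendors and dates in it are placeholders, and the feed URL in the comment is where the real document lives (the script reads only the inline sample, so it runs offline).

```python
"""Triage entries from CISA's Known Exploited Vulnerabilities (KEV) feed.

Added example, not from the article or from CISA: filter a KEV JSON
document to the entries added in a date window, group them by due date,
and flag old CVEs that are still being exploited.
"""
from collections import defaultdict
from datetime import date
import json

# Constructed sample in the shape of the KEV JSON feed published at
# https://www.cisa.gov/sites/default/files/feeds/known-exploited-vulnerabilities.json
# Field names match the live feed. Only CVE-2022-20821 is a real entry taken
# from the article; the other IDs, vendors and all dates are placeholders.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "example",
    "dateReleased": "2022-05-25T00:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2022-20821", "vendorProject": "Cisco", "product": "IOS XR",
         "vulnerabilityName": "Cisco IOS XR Open Port Vulnerability",
         "dateAdded": "2022-05-25", "dueDate": "2022-06-15",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2010-0000", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "vulnerabilityName": "placeholder (constructed)",
         "dateAdded": "2022-05-25", "dueDate": "2022-06-15",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2013-0000", "vendorProject": "ExampleVendor", "product": "ExampleServer",
         "vulnerabilityName": "placeholder (constructed)",
         "dateAdded": "2022-05-23", "dueDate": "2022-06-13",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-0000", "vendorProject": "ExampleVendor", "product": "ExampleAgent",
         "vulnerabilityName": "placeholder (constructed)",
         "dateAdded": "2022-04-01", "dueDate": "2022-04-22",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


def load_kev(text):
    """Parse a KEV JSON document and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def _iso(s):
    """Parse a YYYY-MM-DD string (the format the feed uses) into a date."""
    return date.fromisoformat(s)


def added_between(entries, start, end):
    """Entries whose dateAdded falls within [start, end], inclusive (ISO strings)."""
    lo, hi = _iso(start), _iso(end)
    return [e for e in entries if lo <= _iso(e["dateAdded"]) <= hi]


def cve_year(cve_id):
    """Year component of a CVE identifier, e.g. 2010 for CVE-2010-0000."""
    return int(cve_id.split("-")[1])


def by_due_date(entries):
    """Map each dueDate to the sorted CVE IDs that must be remediated by then."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["dueDate"]].append(e["cveID"])
    return {d: sorted(ids) for d, ids in sorted(groups.items())}


def stale_cves(entries, today, min_age_years=8):
    """CVE IDs whose year is at least min_age_years before today's year."""
    year = _iso(today).year
    return sorted(e["cveID"] for e in entries
                  if year - cve_year(e["cveID"]) >= min_age_years)


def overdue(entries, today):
    """CVE IDs in the catalog whose due date has already passed."""
    now = _iso(today)
    return sorted(e["cveID"] for e in entries if _iso(e["dueDate"]) < now)


def triage(text, start, end, today):
    """Triage one batch of additions: due-date buckets, old CVEs, overdue items."""
    entries = load_kev(text)
    batch = added_between(entries, start, end)
    return {
        "batch_size": len(batch),
        "by_due_date": by_due_date(batch),
        "stale": stale_cves(batch, today),
        "overdue_in_catalog": overdue(entries, today),
    }


if __name__ == "__main__":
    # The window covers Monday to Wednesday of the week in the article.
    print(json.dumps(triage(SAMPLE_KEV, "2022-05-23", "2022-05-25", "2022-05-27"), indent=2))
```

In real use, replace `SAMPLE_KEV` with the body of the live feed and feed the `by_due_date` buckets into whatever tracks patch SLAs; the `stale` list is the set worth cross-checking against asset inventory first, since a CVE that is a decade old and still in the catalog is being exploited precisely because it is assumed to be gone.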
Only one 2022 vulnerability was part of the latest batch: an open-port vulnerability in Cisco IOS XR tracked as CVE-2022-20821. Despite its medium severity rating, Cisco urges administrators to patch it promptly, as a remote attacker could use it to reach the Redis instance running in the NOSi container, write to the Redis in-memory database, write arbitrary files to the container file system, and retrieve information about the Redis database.
“Given the configuration of the sandbox container in which the Redis instance runs, a remote attacker would not be able to run remote code or abuse the integrity of the Cisco IOS XR Software host system,” Cisco says in one advisory.
The company says the flaw affects Cisco 8000 Series routers running a vulnerable release of Cisco IOS XR Software with the health check RPM installed and active.